A new wave of cyberattacks is targeting employees searching for payroll portals via Google, leading to salary hijacking through fake websites, mobile phishing traps, and compromised home routers. These attacks are sophisticated and stealthy, exploiting recent data leaks to create highly personalized scams. A novel technique called 'Browser-in-the-Middle' attack has emerged, allowing hackers to intercept user sessions by tricking victims into entering credentials on a malicious browser interface, effectively bypassing multi-factor authentication (MFA). Additionally, attackers are purchasing live access to corporate services such as Microsoft 365, AWS, and Slack without needing passwords or MFA, based on analysis of over 20 million stealer logs by cybersecurity firm Flare. These developments mark a shift from traditional password theft to session hijacking, posing new challenges for cybersecurity defenses.